On March 1, negotiators from the Belgian presidency of the European Council and European Parliament provisionally agreed on two regulations that govern the collection and use of air passenger data for border management and law enforcement.
The new rules will improve the handling of advance passenger information (API) data to perform checks on passengers before they arrive at the EU’s external borders but also for intra-EU flights. They will enhance the fight against terrorism and serious crime within the EU, supplementing the processing of passenger name record (PNR) data.
API contains identification details from the travel document and basic flight information and will be transmitted to authorities at the place of arrival before and after take-off.
The two new regulations stipulate what API data air carriers must collect and transfer. API data will consist of a closed list of traveler information such as name, date of birth, nationality, type and number of travel documents, seating information and baggage information. In addition, air carriers will be obliged to collect certain flight information, for instance the flight identification number, the airport code and the time of departure and arrival.
In principle, the collection and transfer of API data only concerns flights that depart from outside the EU. However, member states may decide to include intra-EU flights. Such a decision will depend on specific law enforcement needs, such as a terrorist threat; in the absence of such a threat, it must be supported by a suitably motivated risk assessment.
The new regulations would allow law enforcement authorities to combine travelers’ API data and PNR. The PNR is a larger set of air passenger reservation data and contains details about the itinerary of a passenger and information on the flight booking process. When used together, API and PNR are particularly effective in identifying high-risk travelers and confirming the travel patterns of suspected people.
Border authorities would benefit from a more complete view of travelers arriving at airports, enabling them to perform pre-checks before landing, store the data longer than is foreseen today to perform the necessary checks and, as a consequence, manage their border controls more efficiently.
The European Council says this will strengthen border security as it should increase the chances of preventing unwanted border crossings. Meanwhile, passengers should benefit from shorter waiting times and smoother passport checks.
Airlines will have to collect the API data contained in travel documents by automated means (e.g. through scanning machine-readable passports). Only if an automated collection of traveler data is not possible due to technical reasons can an air carrier collect the data manually (either as part of the online check-in or the check-in at the airport). The possibility to provide data manually during the online check-in will in any case remain available during a transitional period of two years. Verification mechanisms will be put in place by the air carriers to guarantee the accuracy of the data.
To streamline the transmission of the API data, the Council and Parliament decided to put in place a central router. This router, which will be developed by an EU agency, will receive the data collected by the air carriers and transmit it to the relevant border management and law enforcement authorities. This router will later also serve for the collection and transmission of PNR data.
Because air carriers will no longer have to send API data to multiple authorities, this will enhance the efficiency and decrease the costs of data transfer, and reduce the risk of errors and abuses.
The agreement will have to be confirmed by member states’ representatives before formal adoption in the European Parliament and the Council.
For more security news, please click here.